Releases: aquasecurity/tracee
v0.20.0
Release notes and discussion: https://github.com/aquasecurity/tracee/discussions/3869
Docker Image
docker pull docker.io/aquasec/tracee:0.20.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.20.0
docker pull docker.io/aquasec/tracee:aarch64-0.20.0
What's Changed
- docs(mkdocs): rename crs to cri in menu by @rafaeldtinoco in #3671
- Add verify-docs job by @geyslan in #3672
- rebase of #3638 by @rafaeldtinoco in #3683
- Fix readme by @rafaeldtinoco in #3686
- chore(container): same default events as k8s deployment by @rafaeldtinoco in #3687
- fix(ebpf): use ts as fd_arg_path_map key by @geyslan in #3674
- fix(finding): add missing fields by @NDStrahilevitz in #3694
- refactor(engine): feed engine with signatures events by @AlonZivony in #3681
- feat(signatures): add simple proctree datasource envelope by @AlonZivony in #3692
- Make filtered aggregation possible by @geyslan in #3677
- feature(types): add packet metadata type by @NDStrahilevitz in #3708
- Packet direction flag by @NDStrahilevitz in #3706
- minor fix on top of #3707 by @rafaeldtinoco in #3709
- probes: improve probes by having specific getters by @rafaeldtinoco in #3710
- feat(types): time relevant info for proctree by @AlonZivony in #3712
- docs: add discussion template for adopters by @AnaisUrlichs in #3702
- Feature/proctree query time by @AlonZivony in #3691
- Feature: DNS Cache datasource by @NDStrahilevitz in #3679
- chore: rename Context to EventContext by @geyslan in #3716
- Pin pandoc version to 3.1.2 by @geyslan in #3720
- libbpfgo bump to v0.6.0-libbpf-1.3 by @geyslan in #3713
- make #3715 pass doc verification by @rafaeldtinoco in #3721
- chore(ci): bump changed-files to v40.2.0 by @geyslan in #3723
- bugfix(ebpf): avoid errors upon hash calc fail by @AlonZivony in #3733
- fix: webhook template should support sprig funcs by @josedonizetti in #3724
- feature: add ctime to containers data source by @NDStrahilevitz in #3728
- chore(release): use go1.20 for releasing by @rafaeldtinoco in #3740
- chore: fix typo by @josedonizetti in #3736
- fix(release): tracee-container alpine version to 3.18 by @rafaeldtinoco in #3744
- Network: add net_tcp_connect event with DNS support by @rafaeldtinoco in #3738
- chore: refer to man pages by @geyslan in #3749
- feature: pluggable datasources by @josedonizetti in #3737
- Bugfix/parse finding type correctly by @AlonZivony in #3760
- Writeable datasource types by @NDStrahilevitz in #3759
- feature(api): add data source grpc service by @NDStrahilevitz in #3761
- chore(api): fix typo by @NDStrahilevitz in #3762
- chore(makefile): fix double-quoted version string by @rafaeldtinoco in #3764
- feat(ebpf): optimize sendmsg/recvmsg kprobes by @NDStrahilevitz in #3766
- feature(event): create net_flow_tcp_begin event by @rafaeldtinoco in #3750
- fix(network): fix http request/response events by @rafaeldtinoco in #3770
- chore: update proto types by @josedonizetti in #3772
- chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #3773
- fix(ebpf): adjust inode struct to kernel v6.6 by @NDStrahilevitz in #3769
- feat(types): improve datasource write api by @NDStrahilevitz in #3763
- fix: filter dispatching to signatures by @NDStrahilevitz in #3729
- feature: Add name and properties to Threat, and add Threat to Event definition. by @josedonizetti in #3742
- feature: writeable data source by @NDStrahilevitz in #3725
- Improve performance of exec-hash by @NDStrahilevitz in #3752
- fix: create pid file under install-path by @NDStrahilevitz in #3775
- feature: add signature name to event definition by @josedonizetti in #3743
- add Struct type and detect.FindingData by @josedonizetti in #3776
- Fix dynamic data arguments by @josedonizetti in #3777
- chore(derive/http): change log level when packets are malformed by @NDStrahilevitz in #3780
- Types protected finding by @NDStrahilevitz in #3782
- Protected finding data by @NDStrahilevitz in #3779
- chore(deps): bump tj-actions/changed-files from 40.2.0 to 41.0.0 in /.github/workflows by @dependabot in #3788
- fix: use thread safe wrapper for ksyms table by @NDStrahilevitz in #3786
- fix: triggeredBy should print event on table output by @josedonizetti in #3792
- fix(doc): contribution document link by @yasindce1998 in #3794
- Pin revive version by @geyslan in #3796
- fix(ebpf): fix hidden_kernel_module error in some kernels by @OriGlassman in #3797
- fix(events): restore dependency in hooked_syscall by @NDStrahilevitz in #3784
- Introduce Policies versioning (map of maps) by @geyslan in #3305
- Update Golang in all Project by @rafaeldtinoco in #3806
- chore(docs): specify distros and versions support by @rafaeldtinoco in #3808
- Remove BPF map macros by @geyslan in #3735
- Fix event data structure by @josedonizetti in #3812
- Fix symbol multi addrs by @rafaeldtinoco in #3802
- chore(ci): add mantic 6.6 AMIs by @geyslan in #3810
- fix(capture): restore absolute time in pcap frames by @AlonZivony in #3800
- Update api types by @josedonizetti in #3814
- feat(signatures): expose signatures helpers as Go module by @AlonZivony in #3765
- chore(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.11 by @dependabot in #3816
- Make policies config versioned by @geyslan in #3809
- chore: remove replace of signatures helpers by @AlonZivony in #3819
- grpc: fix nil arguments by @josedonizetti in #3823
- chore: remove clang march flag by @geyslan in #3831
- chore: increase vb resources by @geyslan in #3833
- fix: skip timestamp normalizing in derived events by @NDStrahilevitz in #3835
- fix: change missing probe log level by @josedonizetti in #3836
- chore(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.12 by @dependabot in #3837
- Fix ArgsNum by @geyslan in #3839
- Fix typo in kubernetes install guide by @logicfox in #3846
- Various cgroup and mounting fixes and optimizations by @NDStrahilevitz in #3829
- fix(processors): change args values by name by @AlonZivony in #3838
- Set exec-hash default option by @geyslan in #3852
...
v0.19.0
Docker Image
docker pull docker.io/aquasec/tracee:0.19.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.19.0
docker pull docker.io/aquasec/tracee:aarch64-0.19.0
What's Changed
Release Notes: https://github.com/aquasecurity/tracee/discussions/3670
Full Changelog: v0.18.0-rc...v0.19.0-rc
v0.18.1
Docker Image
docker pull docker.io/aquasec/tracee:0.18.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.18.1
docker pull docker.io/aquasec/tracee:aarch64-0.18.1
v0.18.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.18.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.18.0
docker pull docker.io/aquasec/tracee:aarch64-0.18.0
What's Changed
- make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
- chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
- (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
- flags: refactor FilterMap by @yanivagman in #3222
- go.mod: remove types replace by @NDStrahilevitz in #3236
- containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
- docs: remove old trace subcommand by @geyslan in #3238
- ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
- engine: fix panic on waitgroup by @josedonizetti in #3233
- Update packaging.md for Ubuntu package building by @pimvh in #3243
- ebpf: fix socket_accept event by @NDStrahilevitz in #3240
- fix: fix container edge case in events pipeline by @geyslan in #3253
- tracee: skip golang plugin for static binaries by @josedonizetti in #3244
- Fix typo in Vagrantfile's comment by @64J0 in #3260
- tracee: signatures-dir accept multiple values by @josedonizetti in #3246
- change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
- events: hidden_kernel_module changes by @OriGlassman in #3255
- config: extract config structs to its own pkg by @geyslan in #3228
- eBPF control plane signals by @NDStrahilevitz in #3237
- build: remove signing from snapshot by @josedonizetti in #3271
- release: bump release tag to 0.16.0 by @josedonizetti in #3272
- fix: send init events to pipeline by @geyslan in #3270
- thread-safety issues fix by @rafaeldtinoco in #3265
- fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
- build: remove release on tag push by @josedonizetti in #3273
- chore: move syscaller to dist by @geyslan in #3269
- fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
- tracee: add analyze cmd by @josedonizetti in #3101
- policies: rename list fields to be plural by @josedonizetti in #3242
- fix(pkg/counter): finish making counter atomic by @rafaeldtinoco in #3276
- fix: derived event not triggering if base filtered by @josedonizetti in #3280
- enrich: fixes post control plane by @NDStrahilevitz in #3285
- docs: add analyze documentation by @josedonizetti in #3292
- doc: add tutorial to verify tracee signature by @josedonizetti in #3291
- fix: signature event not triggering if base filtered by @josedonizetti in #3281
- pipeline memory efficiency using pool by @geyslan in #3297
- events: update syscall_pathname for security_file_open by @OriGlassman in #3298
- Events and Scope flags by @geyslan in #3262
- pkg/containers: fix deadlock by @josedonizetti in #3311
- [v0.16.0] chore: bump k8s tag to 0.16.1 by @josedonizetti in #3316
- docs: updating link to tracee docs for search results by @AnaisUrlichs in #3317
- feature: remove policy actions by @josedonizetti in #3314
- fix(server): re-enable prometheus counters. by @rafaeldtinoco in #3304
- fix (cgroups): already dead edge case by @NDStrahilevitz in #3325
- docs: updating policies overview by @AnaisUrlichs in #3318
- chore bump 0.16.2 by @josedonizetti in #3331
- feature(k8s): policy k8s compatible by @josedonizetti in #3330
- chore: bump k8s tag to 0.17.0 by @josedonizetti in #3336
- fix(ebpf): size of mntns/pidns filters key holders by @geyslan in #3337
- fix: validate policy names are rfc 1123 by @josedonizetti in #3335
- remove help command, create flags markdown docs by @geyslan in #3321
- fix: data source registration after NewEngine by @NDStrahilevitz in #3342
- fix(build): btfhub's bpftool in alpine container by @geyslan in #3349
- chore(build): add LOGFROM flag to check-pr rule by @geyslan in #3348
- chore(build): change check-pr output format by @geyslan in #3351
- refactor(events): new event definitions (mutable vs immutable data) by @rafaeldtinoco in #3340
- fix(filter): remove unneeded workaround by @rafaeldtinoco in #3352
- events: adjust hidden kernel module event to v6.4 by @OriGlassman in #3360
- fix(config): loading config file by @josedonizetti in #3370
- Update the URL as the old one did not lead to the grafana tutorial an… by @AnaisUrlichs in #3371
- chore(docs): add note for quote yaml value by @geyslan in #3367
- chore: bump k8s tags to 0.17.1 by @josedonizetti in #3374
- bugfix(capture): remove CONFIG_KALLSYMS_ALL dependency by @AlonZivony in #3381
- docs: additional resources for the docs by @AnaisUrlichs in #3379
- feat: add tracee rpc service by @josedonizetti in #3389
- feat: add loggers atomic level by @josedonizetti in #3391
- Add grpc server by @josedonizetti in #3390
- `--help` flag parsing by @geyslan in #3393
- feat: add diagnostic rpc by @josedonizetti in #3395
- Add grpc diagnostic by @josedonizetti in #3394
- fix: k8s policies tutorial by @josedonizetti in #3373
- chore(flags): change scope/event flag parsers by @geyslan in #3343
- fix: log level should match zap log priority by @josedonizetti in #3409
- fix: ignore error for cgroups that doesn't exist by @josedonizetti in #3410
- refactor: getStackAddresses doesn't return an err by @josedonizetti in #3414
- chore(revive): mitigate redundant warning by @rafaeldtinoco in #3417
- fix: committing typo by @testwill in #3418
- feature(types): add task identifier by @rafaeldtinoco in #3425
- fix(flags): use scope flag parser for policy by @geyslan in #3429
- fix: capture of writev by @roikol in #3413
- fix: fix section name for vfs_readv by @AlonZivony in #3421
- feat: filter file capture by ELF type by @AlonZivony in #3361
- docs: modifying readme by @AnaisUrlichs in #3378
- Fix(capture): fix verifier issue with elf capture by @AlonZivony in #3433
- fix: print_mem_dump fails on missing symbol by @NDStrahilevitz in #3384
- Revert "fix: print_mem_dump fails on missing symbol (#3384)" by @AlonZivony in #3436
- fix(definitions): ksymbols dependencies handled wrongly by @rafaeldtinoco in #3443
- feat: add streams by @josedonizetti in https://github.com/aquasecurity/tracee...
v0.17.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.17.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.17.1
docker pull docker.io/aquasec/tracee:aarch64-0.17.1
v0.17.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.17.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.17.0
docker pull docker.io/aquasec/tracee:aarch64-0.17.0
v0.16.2
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.16.2
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.16.2
docker pull docker.io/aquasec/tracee:aarch64-0.16.2
What's Changed
- [v0.16.0] backport: dead cgroups fix by @NDStrahilevitz in #3326
Full Changelog: v0.16.1...v0.16.2
v0.16.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.16.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.16.1
docker pull docker.io/aquasec/tracee:aarch64-0.16.1
What's Changed
- pkg/containers: fix deadlock by @josedonizetti in #3311
v0.16.0
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.16.0
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.16.0
docker pull docker.io/aquasec/tracee:aarch64-0.16.0
What's Changed
- make: set LIBBPFGO_OSRELEASE_FILE default value by @geyslan in #3226
- chore: migrate to golang-lru v2 by @NDStrahilevitz in #3140
- (extensions) probes: create probe group, events: start work by @rafaeldtinoco in #3223
- flags: refactor FilterMap by @yanivagman in #3222
- go.mod: remove types replace by @NDStrahilevitz in #3236
- containers: trim mountpoint from stored paths by @NDStrahilevitz in #3231
- docs: remove old trace subcommand by @geyslan in #3238
- ebpf: pipeline: reduce iteration over policies by @geyslan in #3209
- engine: fix panic on waitgroup by @josedonizetti in #3233
- Update packaging.md for Ubuntu package building by @pimvh in #3243
- ebpf: fix socket_accept event by @NDStrahilevitz in #3240
- fix: fix container edge case in events pipeline by @geyslan in #3253
- tracee: skip golang plugin for static binaries by @josedonizetti in #3244
- Fix typo in Vagrantfile's comment by @64J0 in #3260
- tracee: signatures-dir accept multiple values by @josedonizetti in #3246
- change hooked_syscalls event so users can specify syscalls to check. by @AsafEitani in #3136
- events: hidden_kernel_module changes by @OriGlassman in #3255
- config: extract config structs to its own pkg by @geyslan in #3228
- eBPF control plane signals by @NDStrahilevitz in #3237
- build: remove signing from snapshot by @josedonizetti in #3271
- release: bump release tag to 0.16.0 by @josedonizetti in #3272
- fix: send init events to pipeline by @geyslan in #3270
- thread-safety issues fix by @rafaeldtinoco in #3265
- fix(pkg/events): fix tailcall dependencies race issues by @rafaeldtinoco in #3274
- build: remove release on tag push by @josedonizetti in #3273
- chore: move syscaller to dist by @geyslan in #3269
- fix(tests): fix input paths in parsecmd test by @rafaeldtinoco in #3275
- tracee: add analyze cmd by @josedonizetti in #3101
- policies: rename list fields to be plural by @josedonizetti in #3242
- [v0.16.0] fix(pkg/counter): finish making counter atomic (#3276) by @rafaeldtinoco in #3284
- [v0.16.0] fix: derived event not triggering if base filtered by @josedonizetti in #3287
- [v0.16.0] fix: enrich post control plane (#3285) by @NDStrahilevitz in #3289
Full Changelog: v0.15.1...v0.16.0
v0.15.1
Docker Image (x86_64 only)
docker pull docker.io/aquasec/tracee:0.15.1
Docker Images (per architecture)
docker pull docker.io/aquasec/tracee:x86_64-0.15.1
docker pull docker.io/aquasec/tracee:aarch64-0.15.1
What's Changed
- workflow: fix cosign signing by @josedonizetti in #3212
- make integration tests more robust by @geyslan in #2688
- tests: fix event MatchedPoliciesUser check by @geyslan in #3220
- vagrant: clean up/fix provisioning script by @geyslan in #3216
- Create SECURITY.md by @itaysk in #3221
- ebpf: fix mem_prot_alert anonymous file info by @AlonZivony in #3225
- makefile: add check-pr rule by @geyslan in #3215
- tracee: fix panic when ctrl-c after the boot by @josedonizetti in #3188
- k8s: bump release tag to 0.15.1 by @josedonizetti in #3232
Full Changelog: v0.15.0...v0.15.1